Australian Electoral Commission

RFQ: Cyber Security Monitoring Design and Deployment (AEC 18-717)

Important dates

Opportunity ID
Deadline for asking questions
Friday 4 January 2019 at 6PM (in Canberra)
Closing date for applications
Friday 11 January 2019 at 6PM (in Canberra)
Friday 14 December 2018


Write a summary of your brief

The AEC is seeking expressions of interest from vendors capable of providing a short-term, event based security monitoring of internal AEC systems, via the provision of a 24x7 Security Operations Centre (SOC).

What is the latest start date?
How long is the contract?

Until the end of the 2019 Federal Election

Where can the work take place?
Australian Capital Territory
Who will the specialist work for?
Australian Electoral Commission
Budget range

About the work

Why is the work being done?

The AEC is seeking expressions of interest from vendors capable of providing a short-term, event based security monitoring of internal AEC systems, via the provision of a 24x7 Security Operations Centre (SOC).

What's the key problem you need to solve?

Design and implement a monitoring capability (by end of January 2019) to

i. detect and identify common or generic system or network compromises or compromise attempts against the AEC’s systems; and

ii. detect and identify defined specific compromise attempts against electoral systems.

Provide a monitoring services as follows:

i. From the announcement of the election until the declaration of the results of the election (anticipated total period of 8 to 10 weeks), a live alerting system for significant events, plus at least daily review of log files;

ii. On Close of Rolls day; continuous “eyes-on” monitoring from 8am (East Coast) to Close of Rolls 8pm (West Coast), with a SOC liaison located at 50 Marcus Clarke Street, Canberra during this time;

iii. From three days prior to the election (7am Wednesday), until two days after the election (5pm Monday); continuous 24 hour “eyes-on” monitoring

Describe the users and their needs

Refer to full RFQ. Please request the full RFQ by email to

What work has already been done?

Who will the work be done with?

IT Security team

External suppliers of IT solutions to the AEC

Any additional relevant information?

Respondents must obtain the full RFQ and respond to the requirements as detailed in it.

What phase is the work in?

Work setup

Where will the work take place?

50 Marcus Clarke St


What are the working arrangements?

As per RFQ

Is security clearance required?

Staff with access to AEC log data must have at least Baseline clearance

Additional information

Additional terms and conditions


Respondents are asked to:

1) email to request the full RFQ

2) submit your full proposal via email to before 18:00 AEDT 11 January 2019.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate sellers’ technical competence.

Essential skills and experience
  • have experience designing a SIEM for collecting and analysing log files
  • have resources to deliver the project outcome within the required timeframe
  • have nominated staff with the necessary technical skills to deliver the project outcome
Nice-to-have skills and experience
provide evidence of experience with operating a Security Operations Centre

How sellers will be evaluated

How many shortlisted sellers will you evaluate?
Proposal criteria
  • Technical solution
  • Value for money
  • Estimated timeframes
  • Approach and methodology
  • Quality of nominated personnel
  • Supplier's risk management processes
  • Experience in delivering similar solutions
Cultural fit criteria
  • Work as a team with our organisation and other suppliers
  • Transparent and collaborative when making decisions
  • Understanding of electoral processes and principles
Payment approach
Fixed price
Assessment methods
  • Written proposal
  • Work history
  • Reference
Evaluation weighting

Technical competence

Cultural fit


Seller questions

Seller questions
Seller question Buyer answer
1. Please confirm due date for delivery of solution. 8b in the RFQ states end March 2019, the brief summary states end January 2019 The discrepancy between 8b) and the summary is an error. End March 2019 is the correct and planned delivery date for a May 2019 federal election and is the date that suppliers should be working towards. Should an election be called for earlier than end March 2019, the AEC will seek to negotiate an earlier delivery date with the successful supplier
2. Must all log files remain in Australia, or can an overseas solution be proposed? Log files containing PII must remain in Australia. Other log files that do not contain PII could potentially be analysed by an overseas SOC, the AEC will perform a risk assessment considering factors such as location, security of facilities, personnel involved (clearances), etc., to determine if an overseas solution is acceptable, on a case-by-case basis.
3. What classification is the data on the network? All AEC data and systems that this RFQ pertains to is Unclassified DLM.
4. Who is responsible for carrying out incident response post triage? AEC will log a case internally and handle incident response post-triage.
5. Does the AEC have a full list of logs to be ingested and analysed? This is presently being compiled and will be made available to the successful supplier. However, it is expected that workshopping during the design phase will discover additional logs required.
6. Where is the AEC Data Centre? AEC has two data centres, both hosted in Canberra in commercial data centre space (Unclassified DLM)
7. Is there a prescribed format for the response? No. Suppliers are free to respond in any format they wish.
8. Can the due date of 11 January 2019 be extended? Unfortunately, no extensions are possible.
9. Is it still necessary to respond via the Marketplace using their template response in addition to the full proposal sent by email? No. When the brief was first released, there was a technical issue with closing dates in the Marketplace which has been overcome. There is no need to respond via the Marketplace. Full proposals should be submitted to
10. In what network is the current AEC Splunk deployment located and what are the technical specifications of the server/s involved? The existing Splunk deployment is an on-premise deployment and is located in the AEC Production network, at the primary data centre in Canberra. It runs on a cluster of four indexers and a search head (HP Blades). Technical specifications are not immediately at hand due to staff absences, however, the system performs at close to capacity currently. This response will be updated with specifications upon return of system engineers.
11. The RFQ nominates a delivery date of end March 2019. What if an early election is called for March? In the event that an election is called for March, the AEC would seek to renegotiate contract delivery dates and costs with the successful respondent.

Interested in this opportunity?

Before you can apply for this opportunity, you need to:

  1. Register to join the Marketplace.
  2. Submit a case study and pricing and check your documents are up-to-date.
  3. Request an assessment of your chosen case study.